Thursday, November 26, 2015

2015-048: The rise of the Shadow... IT!


Cheryl Biswas gave a great talk last month at Bsides Toronto.  I was intrigued by what "Shadow IT" and "Shadow Data" means, as there appears to be some disparity. Why can't you write policy to enforce standards? As easy as it sounds, it's quickly becoming a reason young talented people might skip your company. Who wants to use Blackberries and Gateway laptops, when sexy new MacBook Airs and iPhone 6S exist?

This also leads to the issue of business data being put on personal devices, which as anyone knows can cause a whole host of additional issues. Malware installed on personal devices can make for sharing business secrets a cinch.

So, while Mr. Boettcher was working, I managed to wrangle a quick interview with Cheryl out of her offices in Toronto, Ontario.

Cheryl gave us some great audio, and when you're done, you can watch her Bsides Toronto talk.  

Direct Link: 

iTunes Link: 

Cheryl's Twitter: https://www.twitter.com/3ncr1pt3d

Cheryl's BsidesTO talk: https://www.youtube.com/watch?v=q0pNWpWFKBc

 

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Join our Patreon!: https://www.patreon.com/bds_podcast

Comments, Questions, Feedback: bds.podcast@gmail.com


Here is a new episode of Brakeing Down Security!

Friday, November 20, 2015

2015-047-Using BSIMM framework to measure your software security lifecycle


Business Security in Maturity Model (#BSIMM) is a #framework that is unique in that it gives your company a measuring stick to know how certain industry verticals.

We didn't want to run through all 4 sections of the BSIMM, so this time, we concentrated on the #software #security standards, the "Deployment" section specifically...

BSIMMV6 download (just put junk in the fields, and download ;) ): https://www.bsimm.com/download/

 

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-047_BSIMM.mp3

 

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

 

 


Here is a new episode of Brakeing Down Security!

Wednesday, November 11, 2015

2015-046: Getting Security baked in your web app using OWASP ASVS


During our last podcast with Bill Sempf (@sempf), we were talking about how to get developers to understand how to turn a vuln into a defect and how to get a dev to understand how vulns affect the overall quality of the product.

 

During our conversation, a term "ASVS" came up. So we did a quick and dirty session with Bill about this.  It's a security #requirements #document that ensures that projects that are being scoped out are meeting specific security requirements. This can be a valuable ally when your company is creating products or software applications. Bill explains with us this week exactly how you incorporate this into your Secure #SDLC #lifecycle

 

#project #management #security #architect

Direct Link: http://traffic.libsyn.com/brakeingsecurity/sempf2.mp3

iTunes Link: 

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Bill's Bside Columbus talk on ASVS: http://www.irongeek.com/i.php?page=videos/bsidescolumbus2015/defense00-got-software-need-a-security-test-plan-got-you-covered-bill-sempf

Bill's Blog: http://www.sempf.net

Bill's Twitter: http://www.twitter.com/sempf

BrakeSec Podcast Twitter: http://www.twitter.com/brakesec


Here is a new episode of Brakeing Down Security!

Wednesday, November 4, 2015

2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf!


When you receive a #pentest or vuln scan report, we think in terms of #SQLi or #XSS. Take that report to your dev, and she/he sees Egyptian hieroglyphics and we wonder why it's so difficult to get devs to understand.

It's a language barrier folks. They think terms of defects or how something will affect the customer experience. We think in terms of #vulnerabilities, and what caused the issue. We need to find that common ground, and often, that will mean us heading into unfamiliar territory. It doesn't have to be 'us vs. them'. We are supposed to be a team. 

Join us this week as we discuss that very topic with Bill #Sempf. Bill has spent nearly 25 years doing software development and security, working as an independent contractor for dozens of companies on hundreds of #software #projects. He helps us figure out how to speak 'dev', and to develop a mindset that will ensure you can get the most out of interactions with developers and coders.

Show notes: http://brakeingsecurity.com/2015-045-care-and-feeding-of-devs-podcast-edition-with-bill-sempf

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-045_Bill_Sempf-care_and_feeding_of_devs.mp3

Itunes: 

Bill's #DerbyCon Talk "#Developers: Care and Feeding":

http://www.irongeek.com/i.php?page=videos/derbycon5/teach-me11-developers-care-and-feeding-bill-sempf

Bill's Blog: https://sempf.net/

Bill's Twitter: @sempf  

Check us out using the #TuneIn App!: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

#RSS: http://www.brakeingsecurity.com/rss

 


Here is a new episode of Brakeing Down Security!